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DETAILED ACTION 

This office action is in response to the Application filed on January 20, 2004. Claims 1- 
27 are pending in the current application. 

Information Disclosure Statement 

1 . The information disclosure statements filed August 2, 2004, October 4, 2004, and 
September 22, 2006, which contain a disclosure of related application(s) have been 
noted by the examiner. In order to claim priority to the disclosed related applications, 
applicant should claim priority on the Oath and Declaration and cite the disclosed 
related applications in the cross reference to related applications section in the 
specification (See MPEP §201.11). 

Oath/Declaration 

2. The oath or declaration is defective because the declaration recitation of " . . . duty 
to disclose information which is material to the examination..." should be "...duty to 
disclose information which is material to patentability...". A new oath or declaration in 
compliance with 37 CFR 1.67(a) identifying this application by application number and 
filing date is required. See MPEP §§ 602.01 and 602.02. 

Drawings 

3. The drawings are objected to as failing to comply with 37 CFR 1 .84(p)(5) 
because they do not include the following reference sign(s) mentioned in the 
description: 1 30, Global Zone, Figure 2A as disclosed in paragraph [0052], line 7. 
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4. The drawings are objected to as failing to comply with 37 CFR 1 .84(p)(5) 
because they include the following reference character(s) not mentioned in the 
description: 

a. 170, Figure 2A; and 

b. 120a-n, 140a, 140b, 162a, 162b, 164a, 164b, 172a, 172b, 180a, 180b, 
182a, 182b, 190a, and 190b of Figure 1. Though the specification discusses 
components 120 (Devices), 140 (Non-Global Zones), 162 (Zoneadmds), 164 
(Zscheds), 172 (Init Processes), 180 (File Systems), 182 (Network Interfaces), 
and 190 (Application Environments) it does not expressly disclose components 
120a-n, 140a-b, 162a-b, 164a-b, 172a-b, 180a-b, 182a-b, and 190a-b. 

5. Corrected drawing sheets in compliance with 37 CFR 1 .121 (d), or amendment to 
the specification to add the reference character(s) in the description in compliance with 
37 CFR 1 .121(b) are required in reply to the Office action to avoid abandonment of the 
application. Any amended replacement drawing sheet should include all of the figures 
appearing on the immediate prior version of the sheet, even if only one figure is being 
amended. Each drawing sheet submitted after the filing date of an application must be 
labeled in the top margin as either "Replacement Sheet" or "New Sheet" pursuant to 37 
CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be 
notified and informed of any required corrective action in the next Office action. The 
objection to the drawings will not be held in abeyance. 

Claim Objections 

6. Claims 3 and 4 are objected to because of the following informalities: 
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a. claim 3, line 1 , the recitation of " . . . The method of claim 1 . . . " should be 
"...The method of claim 2...", since the claim appears to refer to the 
"computational resources" of claim 2; and 

b. claim 4, line 4, the recitation of "...permitting the a process..." should be 
"...permitting a process...". Appropriate correction is required. 

Claim Rejections - 35 USC § 102 

7. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

8. Claims 1-26 are rejected under 35 U.S.C. 102(b) as being anticipated by United 
States Patent Application Publication 2002/0174215 A1 to Schaefer. 

9. As to claim 1 , Schaefer teaches a method comprising: 

establishing a virtual platform (OSGuard 100, Fig.1, paragraphs [0013]-[0014]) 
for providing services to applications (applications 50, Fig. 1, paragraph [0012]) 
executing under the operating system environment controlled by a single kernel 
instance (Operating System 10, Fig. 1, paragraph [0013]); 

establishing a first non-global zone for maintaining a first application 
environment (application 52, Fig. 2) and a second non-global zone for maintaining a 
second application environment (application 54, Fig. 2) (paragraphs [0018]-[0019]); and 
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isolating applications executing in association with the first application 
environment (application 52, Fig. 2) from applications executing in association with the 
second application environment (application 54, Fig. 2) (paragraph [0012]); 

wherein the virtual platform exists for a time period before or after the first 
application environment and the second application environment (paragraphs [0013]- 
[0014]). 

1 0. As to claim 2, Schaefer teaches the method of claim 1 , wherein isolating 
applications executing in association with the first application environment from 
applications executing in association with the second application environment 
comprises: 

starting a first process in association with the first application environment 
(application 52, Fig. 2, paragraph [0019] and [0023]); 

starting a second process in association with the second application environment 
(application 54, Fig. 2, paragraph [0019] and [0023]); and 

isolating the first process from the second process (paragraph [0012]); and 

wherein the virtual platform provides virtualized access to computational 
resources to the first process and the second process (paragraph [0014] and [0022]). 

11. As to claim 3, Schaefer teaches the method of claim 2, wherein computational 
resources comprise at least one of a network interface, a communications interface, a 
file system, a system console, a DASD address and an operating system service 
process (paragraph [0022]). 
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12. As to claim 4, Schaefer teaches the method of claim 1 , wherein isolating 
applications executing in association with the first application environment from 
applications executing in association with the second application environment, further 
comprises: 

permitting the a process in the first non-global zone (application 52, Fig. 1 ) to 
access computational objects (e.g. registry key, paragraph [0017]) within the first non- 
global zone (application 52, Fig. 1) and to view computational objects (e.g. registry key, 
paragraph [0017]) within the first non-global zone (paragraph [0019]); and 

selectively permitting a process existing outside of the first non-global zone and 
the second non-global zone (Operating System Guard, 100, Fig. 2) to view 
computational objects (e.g. Windows registry entries) within the first non-global zone 
and the second non-global zone (paragraph [0014]). 

1 3. As to claim 5, Schaefer teaches the method of claim 1 , wherein establishing a 
virtual platform further comprises: 

creating a zone configuration (e.g. virtual environment), thereby enabling 
transition from a first state to a Configured state (paragraph [0024]); 

installing the zone configuration (e.g. loading), thereby enabling transition from 
the Configured state to an Installed state (paragraph [0024]); and 

instantiating processes (e.g. process environment manager 1 14, Fig. 4) for 
providing services, thereby enabling transition from the Installed state to a Ready state 
(paragraph [0022]). 
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14. As to claim 6, Schaefer teaches the method of claim 5, wherein instantiating 
processes for providing services further comprises at least one of: 

starting a scheduler process (process environment manager 114, Fig. 4), 
establishing network interfaces, mounting file systems (file manager, 106, Fig. 4), 
initializing a system console and configuring devices (device manager 110, Fig. 4) 
(paragraph [0022]). 

15. As to claim 7, Schaefer teaches the method of claim 1 , wherein establishing a 
first non-global zone for maintaining a first application environment further comprises: 

starting a process for initializing user processes (process manager, 120, Fig. 4), 
thereby enabling transition from the Ready state to a Running state (paragraph [0023]). 

16. As to claim 8, Schaefer teaches the method of claim 7, further comprising: 
receiving a command to reboot (e.g. process needs to be loaded) a non-global 

zone (paragraph [0023]); 

halting user processes (e.g. unloading virtual environment) associated with the 
application environment of the non-global zone (paragraph [0024]); and 

freeing resources (e.g. unload) allocated to support the non-global zone (e.g. 
release application by process manager 120, Fig. 4), thereby enabling transition from 
the Running state to the Installed state (paragraph [0023]); 

re-instantiating processes (e.g. process environment manager 114, Fig. 4) for 
providing services, thereby enabling transition from the Installed state to a Ready state 
(paragraph [0022]); and 
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re-starting a process for initializing user processes (process manager, 120, Fig. 
4), thereby enabling transition from the Ready state to a Running state (paragraph 
[0023]). 

17. As to claim 9, Schaefer teaches the method of claim 7, further comprising: 
receiving a command to halt a non-global zone (e.g. virtual environment needs to 

be unloaded, paragraph [0024]); 

halting user processes (e.g. unloading virtual environment) associated with the 
application environment of the non-global zone paragraph [0024]); and 

freeing resources (e.g. unload) allocated to support the non-global zone (e.g. 
release application by process manager 120, Fig. 4), thereby enabling transition from 
the Running state to the Installed state (paragraph [0023]). 

1 8. As to claim 10, Schaefer teaches the method of claim 1 , wherein a global zone 
comprises processes not associated with the first non-global zone or the second non- 
global zone, the method further comprising: 

permitting processes (e.g. process manager 120, Fig. 4) associated with global 
zone (Operating System Guard 100, Fig. 2) to view and access objects (e.g. registry 
key, paragraph [0017]) in the global zone (e.g. shared view of available system 
resources) and view objects in at least one non-global zone (paragraph [0014] and 
[0020]); 

permitting processes associated with a non-global zone (application 52, Fig. 1) to 
view and access objects (e.g. registry key, paragraph [0017]) only in that non-global 
zone (paragraph [0019]); and 
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selectively permitting upon authorized request, a process (e.g. configuration 
manager 104, Fig. 4) of the global zone (Operating System Guard, 100, Fig. 2) to 
access objects (e.g. Windows registry entries) in a non-global zone (paragraph [0014]). 
1 9. As to claim 1 1 , Schaefer teaches a computer based method for managing 
resources in an operating system environment controlled by a single kernel instance, 
the method comprising the steps of: 

establishing a virtual platform (OSGuard 100, Fig.1, paragraphs [0013]-[0014]); 

partitioning the operating system environment into a global zone (OSGuard 100, 
Fig. 2) and at least one non-global zone (application 52, Fig. 2), each non-global zone 
comprising an application environment for isolating applications (application 52, Fig. 2) 
from applications executing in association with other non-global zones (application 54, 
Fig. 2) (paragraph [0012]), wherein each non-global zone uses services of the virtual 
platform to access devices (device manager 110, Fig. 4) and services (paragraph 
[0022]); 

permitting processes (e.g. process manager 120, Fig. 4) associated with global 
zone (Operating System Guard 100, Fig. 2) to view and access objects (e.g. registry 
key, paragraph [0017]) in the global zone (e.g. shared view of available system 
resources) and view objects in the non-global zones (paragraph [0014] and [0020]) and 
permitting processes of each non-global zone (application 52, 54, Fig. 1 ) to view and 
access objects (e.g. registry key, paragraph [0017]) only in the non-global zone 
(paragraph [0019]); and 
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selectively permitting upon authorized request, a process (e.g. configuration 
manager 104, Fig. 4) of the global zone (Operating System Guard, 100, Fig. 2) to 
access objects (e.g. Windows registry entries) in a non-global zone (paragraph [0014]); 
and wherein the virtual platform exists for a time period before or after the application 
environment (paragraphs [001 3]-[001 4]). 

20. As to claim 12, Schaefer teaches the method of claim 1 1 , further comprising: 
permitting a first process (e.g. application 52, Fig. 2) to access objects (e.g. 

registry key, paragraph [0017]) within the global zone (Operating System Guard, 100, 
Fig. 2) and a second process (e.g. application 54, Fig. 2) to access objects (e.g. registry 
key, paragraph [0017]) within the global zone (Operating System Guard, 100, Fig. 2) 
and at least one non-global zone (application 52, Fig. 2); 

thereby enabling the global zone (Operating System Guard, 100, Fig. 2) to 
provide at least one of a default virtual environment (paragraph [0014]) and a system 
administrative environment (paragraph [0062]). 

21 . As to claims 13-22, these claims are rejected for the same reasons as claims 1- 

10 respectively, see the rejections to claims 1-10 above. 

22. As to claims 23 and 24, these claims are rejected for the same reasons as claims 

1 1 and 12 respectively, see the rejections to claims 1 1 and 12 above. 

23. As to claim 25, this claim is rejected for the same reason as claim 1 , see the 
rejection to claim 1 above. 

24. As to claim 26, Schaefer teaches an apparatus, comprising: 
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a means for establishing a virtual platform (OSGuard 100, Fig. 1 , paragraphs 
[0013]-[0014]); and 

a means for transitioning between a finite plurality of states (e.g. configuration, 
installation, and runtime) upon occurrence of configuring at least one non-global zone 
(application 52, Fig. 2) to form a configuration (paragraph [0024]), installing the 
configuration (e.g. loading, paragraph [0024]), establishing the virtual platform 
(OSGuard 100, Fig.1, paragraphs [0013]-[0014]), establishing an application 
environment (applications 50, Fig. 1, paragraph [0012]) and releasing resources (e.g. 
unload) of the virtual platform and the application environment (e.g. release application 
by process manager 120, Fig. 4, paragraph [0023]); 

wherein the non-global zones (applications 52,540, Fig. 2) each comprise an 
application environment for isolating applications from applications executing in 
association with other non-global zones (paragraphs [0018]-[0019]) in an operating 
system environment controlled by a single kernel instance (Operating System 10, Fig. 1, 
paragraph [001 3]), and wherein the non-global zones (applications 52, 54, Fig. 2) use 
services of the virtual platform (OSGuard 100, Fig.1, paragraphs [0013]-[0014]) to, 
interface to applications within each other (paragraph [0020]) and to devices (device 
manager 110, Fig. 4) and services (paragraph [0022]); and 

wherein the virtual platform (OSGuard 100, Fig.1 ) exists for a time period before 
or after the application environment (paragraph [0014] and [0022]). 
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Claim Rejections - 35 USC § 103 

25. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

26. Claim 27 is rejected under 35 U.S.C. 103(a) as being unpatentable over United 
States Patent Application Publication 2002/0174215 A1 to Schaefer in view of United 
States Patent 6,557,168 B1 to Czajkowski. 

27. As to claim 27, Schaefer teaches the invention substantially as claimed including 
a system, comprising: 

instructions for providing a single kernel instance operating system (Operating 
System 10, Fig. 1, paragraph [0013]); 

instructions for establishing and managing a virtual platform (OSGuard 100, 
Fig.1, paragraphs [0013]-[0014]) for providing services and at least one non-global zone 
(applications 50, Fig. 1, paragraph [0012]), including: 

instructions to create a zone configuration (e.g. virtual environment), thereby 
enabling transition from a first state to a Configured state (paragraph [0024]); 

instructions to install (e.g. load) the zone configuration, thereby enabling 
transition from the Configured state to an Installed state (paragraph [0024]); 

instructions to instantiate processes (e.g. process environment manager 114, 
Fig. 4) for providing the plurality of services (e.g. managing applications and contexts), 
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thereby enabling transition from the Installed state to a Ready state (paragraph [0022]); 
and 

instructions to start a process to initialize user processes (process manager, 120, 
Fig. 4) associated with a non-global zone (application 52, Fig. 2), thereby enabling 
transition from the Ready state to a Running state (paragraph [0023]); 

wherein the virtual platform exists for a time period before or after application 
environments associated with the non-global zones (paragraph [0014] and [0022]). 

Schaefer does not explicitly teach at least one processor; and 

a memory connected with the processor, and operative to hold a plurality of 
program instructions. 

However Czajkowski teaches at least one processor (CPU 102, Fig. 1); and 

a memory connected with the processor (Memory 104, Fig. 1), and operative to 
hold a plurality of program instructions (col. 7, lines 28-30). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to have modified the client computer of Schaefer with the teachings 
of a computer system from Czajkowski because this feature would have provided a 
general-purpose computer system which is suitable for implementing a system and 
method for application isolation (col. 6, lines 66-67 and col. 7, line 1 of Czajkowski) 

Conclusion 

28. The prior art made of record on the accompanying PTO-892 and not relied upon, 
is considered pertinent to applicant's disclosure. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kacy Verdi whose telephone number is (571) 270-1654. 
The examiner can normally be reached on Monday-Friday 7:30am-5:00pm EST.. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, William Thomson can be reached on (571) 272-3718. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

June 12, 2007 / 



KV 




